Right now ATS is only enforced by our high-level APIs (NSURLSession, NSURLConnection, and anything layered on top of those), and there’s been no announcements about that changing.

Keep in mind, however, that ATS’s enhanced security requirements are not arbitrary; they are defined to give your users a good level of security on an increasingly hostile Internet. As such, your app should aim to comply with these requirements even if ATS is not actively enforcing them.